FastCVE-API

A high-performance local API for searching and accessing NVD (National Vulnerability Database) data including CVE, CPE, and CPEMatch information.

Features

• Fast, in-memory CVE,CPE search powered by a caching system
• Search by software name, version, CVE ID, keywords, and CPE strings
• Local data storage to avoid external API rate limits
• Background index rebuilding
• CORS enabled for cross-origin requests
• Multi-threaded JSON file processing
• Cache persistence to disk for quick restarts

Prerequisites

• Python 3.8+
• Docker and Docker Compose (optional)
• 10+ GB of free disk space for NVD data

Installation

1. Clone the repository

git clone https://github.com/CobblePot59/FastCVE-API.git
cd FastCVE-API

2. Install Python Dependencies

pip install -r requirements.txt

3. Run the API

uvicorn main:app --reload --host 0.0.0.0 --port 8000

Or with Docker:

docker-compose up -d

Development

Project Structure

FastCVE-API/
├── app                  # FastAPI application
├── docker-compose.yml   # Docker composition file
├── Dockerfile           # Container definition
├── requirements.txt     # Python dependencies
└── data/                # NVD data directory (created at runtime)
    ├── cve/             # CVE JSON files
    ├── cpe/             # CPE JSON files
    └── cpematch/        # CPEMatch JSON files

Running Tests

# Health check
curl http://localhost:8000/health

# Search test
curl http://localhost:8000/api/cve/search?software=vlc

# CVE by ID test
curl http://localhost:8000/api/cve/CVE-2023-1234

# CPE search test
curl -X POST http://localhost:8000/api/cpe/search \
  -H "Content-Type: application/json" \
  -d '{"keywords": ["adobe"], "limit": 10}'

Future Enhancements

• Full-text search on CVE descriptions
• Advanced filtering (CVSS score range, date range)
• Export functionality (JSON, CSV)